Infisical’s Agent Vault is an open-source HTTP credential proxy that injects secrets at the network layer so AI agents never receive or see credentials directly.
Key Takeaways
Agents get a scoped session and HTTPS_PROXY; all HTTPS traffic routes through port 14322, where Agent Vault injects the matching credential before forwarding upstream.
agent-vault run -- claude wraps local agents (Claude Code, Cursor, Codex) transparently, setting CA-trust env vars alongside HTTPS_PROXY at launch.
Container sandbox mode locks outbound egress via iptables so a sandboxed agent physically cannot bypass the proxy, regardless of prompt injection attempts.
Credentials are encrypted at rest with AES-256-GCM; a DEK is wrapped by Argon2id from the master password, so password rotation skips full re-encryption.
TypeScript SDK lets orchestrators mint scoped sessions and inject proxy config into Docker, Daytona, E2B, or Firecracker sandboxes without agent-side SDK changes.
Hacker News Comment Review
The key security challenge raised: proxy auth key theft moves the exfiltration surface rather than eliminating it. An agent that obtains the proxy key can still route arbitrary authenticated requests.
A commenter asked whether Infisical cloud vaults can back Agent Vault, suggesting the local-only model may not fit teams already using Infisical for centralized multi-environment secret management.
Notable Comments
@hanyiwang: “if they get the proxy auth key then they would also be able to make requests through it” – flags that the threat model shifts to key theft, not eliminates exfiltration.